clenh2o asked:

Can this Network Configuration be saved?

I am in the middle of a nightmare.  We purchased 5 HP Procurve 1700-24 switches which are not stackable and have no layer 3 routing capabilities.  We also purchased a Cisco 871 Router with Advanced IP Services firmware.  

We want to build a network that has 37 VLANs.  Each VLAN needs to be separate from each other, but share a single internet connection.  

I have tried to create this by building subinterfaces.  

Here are the problems.  The Router (Cisco 871) does not support more than 4 VLANs.  The switches can support the total number of VLANs but they do not have level 3 capabilities.  I called Cisco and they said that the first router to support more than 36 VLANs is the 2801 with a price tag of $3000.00.  

So here's what I want to do.  I want to put a layer 3 switch in, configure it to route all the different VLANs to a router which is ALSO connected to the layer 3 switch which will then direct the connections to the internet.  Did I just make it too complicated?  Is there a better way without having to buy all new stuff?

Any good network architecture ideas would be appreciated.  All I need is stability and functionality.

Thanks in advance.
Don Johnston

> Did I just make it too complicated?

Almost. You will have to buy something though. Drop in a multilayer switch and leave out the router. Something like a Cisco 3550 will do just fine. You can find them on ebay for about $500.

http://cgi.ebay.com/CISCO-WS-C3550-48-SMI-48-PORTS-3550-SWITCH-EMI-IMAGE_W0QQitemZ220361282999QQcmdZViewItemQQptZCOMP_EN_Hubs?hash=item220361282999&_trksid=p3286.c0.m14&_trkparms=72%3A1234|66%3A2|65%3A12|39%3A1|240%3A1318|301%3A1|293%3A1|294%3A50



I agree with donjohnson as to get a layer 3 switch but since all your other switches are HP procurves then you might consider looking at the Procurve switches for your layer 3 switch. Might save you some money and give you just as much functionality. Cisco is also a good choice too, just sometimes too expensive for the need.

http://www.hp.com/rnd/products/LAN_core.htm
ASKER CERTIFIED SOLUTION
lnavin

This solution is only available to members.
Good point about the NAT feature. I didn't think about that.

So keep the router for NAT and use the switch for the interVLAN routing.

clenh2o (ASKER)

So, let me see if I have this correct.  (And thank you, the advice has been very helpful)

I can link my HP Procurve 1700-24 switches together via the GB ports on the end, then build my 36 VLANs.  I then connect (this is from HP pre-sales technical support) an HP Procurve 2610-24 Layer 3 switch at the top and use it for interVLAN routing.  

According to HP, this 24 port switch should be able to route all 36 VLANs (I'm still not sure how it does that with only 24 ports, but... bridges to cross).  The 2610 routes to my Cisco 871, which is already running Advanced Security firmware (thanks for the advice, lnavin).  My Cisco 871 connects to another switch, which is connected to my CPE router, a Cisco 2610 XM provided by AT&T.  The switch between my CPE and my 871 is just a plain old 3Com providing DMZ access to the internet via static settings to any one of our bank of public IP Addresses.

Does this sound right?

Thanks again for the help.
lnavin

That sounds correct.

The switch can support the VLANs because they are not dependent on a physical port.  You have 5 access switches so you will only need 5 ports on your core for the switches.  Each of these ports should be set up to 'trunk' the connections.  This will allow all VLANs to travel across one physical port.

The default gateway of the L3 core switch should be the 871.  The 871 Dg should be the ISP router.

The 871 NAT rule should NAT everything outbound.  The rule might look something like this....

ip nat inside source list 101 interface Ethernet1 overload
access-list 101 permit ip any any
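
The 871 side of the design described above, as an added configuration example that is not part of lnavin's post: it shows the inside/outside NAT roles, the return route toward the core switch, and the NAT access list narrowed from `any any` to the internal ranges. All addresses are constructed, and the interface names `FastEthernet4` (WAN) and `Vlan1` (LAN) are assumed where the post wrote `Ethernet1`.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN subnets   10.10.1.0/24 ... 10.10.36.0/24, all inside 10.10.0.0/16
!   871 <-> core   10.0.0.0/30  (871 = .1, layer 3 core switch = .2)
!   871 outside    192.0.2.2/29, ISP/CPE router = 192.0.2.1
!
interface FastEthernet4
 description Outside, toward the CPE router
 ip address 192.0.2.2 255.255.255.248
 ip nat outside
!
interface Vlan1
 description Inside, toward the layer 3 core switch
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
!
! Default route to the ISP router, plus a return route for the VLAN
! subnets via the core switch (the 871 has no interface in those VLANs,
! so without this route replies to the VLANs are sent back out the WAN).
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 10.10.0.0 255.255.0.0 10.0.0.2
!
! Broad form from the post: any source address is eligible for translation.
!   access-list 101 permit ip any any
! Narrower form: only the VLAN subnets and the transit link are translated.
no access-list 101
access-list 101 permit ip 10.10.0.0 0.0.255.255 any
access-list 101 permit ip 10.0.0.0 0.0.0.3 any
ip nat inside source list 101 interface FastEthernet4 overload
```

This fragment covers only the 871. Once the core switch routes between VLANs, the VLANs can reach each other unless the switch itself filters inter-VLAN traffic, which matters for the requirement that each VLAN stay separate.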
clenh2o (ASKER)

I have included a diagram of the equipment in question up to the 871 Router (which is not wireless, but that was the only Visio image I could find).

Does each 1700 switch need to connect to the 2610 individually, or can I connect Port 23 of the top 1700 switch to the 2610?
Procurve-Network.doc
You will get better performance by connecting each 1700 directly to the 2610.